News and Research articles on GDPRLocal memory features, from an EU law perspective, may be covered by cookie regulations. Considerations should be paid to reconcile the regulatory requirements to balance fundamental rights protection and fostering AI innovation.
Often invisible amid the noisy proclamations of leaders from large states and big tech firms, representatives of small states have nonetheless powerfully shaped EU digital politics.
What does a recent decision by the European Union’s Court of Justice – ruling that IAB Europe is liable under the GDPR for a technical standard it wrote – mean for internet standard-setting organisations?
Zero-knowledge proofs allow the implementation of the data minimisation principle imposed by the GDPR in digital identity wallets and the related personal data transactions, therefore representing a reasonable option to be enforced by lawmakers.
The principle of proportionality not only addresses the conflict among competing interests under Article 15(1)(h) GDPR but also shapes the justifications for public interest restrictions on the right of access to AI decision-making information.
This piece examines the urgent need for a harmonised approach to balancing the rights to freedom of expression and information with the right to personal data protection under the EU legal system.
This paper delivers a legal analysis that explores whether the privacy labels of the Apple App Store and Google Play Store meet the requirements of the General Data Protection Regulation (GDPR), along with insights into the adoption of app developers to map the extent of the problem.
On the 23 February 2023, the Italian Data Protection Authority (DPA) issued a decision against Ediscom S.p.A. (Garante per la Protezione dei Dati Personali, 2023) explicitly referring to “dark patterns”, i.e. online design choices that manipulate users’ decision-making to benefit digital services.
European smart city technology development suffers from one-sided inputs and high compliance costs. Due to this developers may look into markets with lower standards for human rights compliance.
Reproducing the GDPR provided the LGPD with principles that compel firms to innovate in the Brazilian privacy-enhancing technologies market. To rebalance opportunities for Brazilian firms, this paper advocates implementing local content policy for privacy-enhancing technologies.
GDPR compliance can be hard, but does not have to, as we demonstrate in the context of consent banners and mobile apps.
The role of voluntary standards as intermediaries in the application of the Right to Data Portability: an empirical analysis.
Has the GDPR changed privacy in apps? We study how third-party tracking—a common privacy threat—has changed since the GDPR was introduced.
This paper is part of Governing “European values” inside data flows, a special issue of Internet Policy Review guest-edited by Kristina Irion, Mira Burri, Ans Kolk, Stefania Milan. Introduction Governments’ interest in the “datafied society” (Hintz et al., 2018) as an object of policy and regulation is nothing new, with a long-held recognition that governance protocols (policies, ethics frameworks, and regulations) can be used to reshape the technological infrastructure underpinning society and hence its nature (Floridi, 2018; van Dijck & Poell, 2016). However, the widespread adoption of the term “sovereignty”—a concept loaded with legal and political connotations—to describe authority over …
This article assesses the bidirectional interaction between meso- and macro-level data governance frameworks.
Can public authorities in the EU continue using US cloud services in light of the EU Court’s view of the US surveillance regime? Maybe, but it will require a lot of work.
The extraterritorial application of GDPR does not promote European values. Rather, it evokes wrong expectations about the universality of individual rights.
Although the GDPR paves the way for a coordinated EU-wide legal action against data protection infringements, only a reform of private international law rules can enhance the opportunities of data subjects to enforce their rights.
The European Commission recently released its first review of two years of application of the General Data Protection Regulation (GDPR). René Mahieu and Jef Ausloos do not agree with the largely positive self-assessment and explain their main points of contention by summarising their own submission to the Commission.
A young entrepreneur finds herself battling uphill against GDPR enforcement organisations in an effort to bring her AI personal assistant to the market. Can her technological wits outwin the legal shortcuts these organisations have in place?